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Method for authorization check 

The present invention relates to a method for checking the 
authorization of a person, in his/her capacity as user of a 
5 system such as a payment system or a data system. 

Systems now in existence are used to check the authorization 
of a person in connection with payment. One such system is 
used within the Swedish Postal Service for payments made via 
io postgiro. In accordance with this system, the customer recei- 
ves a so-called SmartCard and a card reader for it. An en- 
cryption key is stored on the SmartCard, and it can be read 
by a microprocessor on the SmartCard after a PIN code has 
been entered. 

15 . ' 

The said encryption key is stored not only on the SmartCard, 
but also at the Swedish Postal Service postgiro department 
where it is linked to a specific person. 

20 When a payment is to be made, the user keys in the said PIN 
code, the number of the account to which the payment is to be 
sent and the amount in question. Herewith, the microprocessor 
performs a calculation based on the amount, the account num- 
ber and the encryption key in accordance with the so-called 

25 DES (Data Encryption Standard) algorithm, wherewith a signa- 
ture is generated by the said calculation. After this is 
done, the amount, the account number and the signature are 
transferred to the postgiro department in a suitable manner, 
via data, mail or fax for example. 

30 

The postgiro department receives the information and then 
performs the same calculation as set forth above and compares 
the result with the signature that was transferred. If the 
comparison results in a match, an authorized person, i.e. the 
35 holder of the SmartCard, is deemed to have ordered the tran- 
saction, wherewith the transaction is executed. The transac- 
tion is executed by transferring money from the postgiro 
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account of the SmartCard holder to the specified postgiro 
account. 

This payment system is automatic, and it can be used to make 
payments at any time of day or night. 

Obviously, it must be possible for the described system to be 
used by a person to show authorization for a system other 
than a postgiro or bank payment system. For example, it 
should be possible for a person to show authorization for a 
data system by entering his/her PIN code and two numbers 
other than an amount and account number, and then transfer- 
ring them together with the signature to the data system. If 
the data system contains the encryption key the signature can 
be calculated, and if a match is found the person to whom the 
SmartCard has been issued can be deemed to be the person who 
entered the items of information and is therefore authorized. 

However, a significant disadvantage of the described system 
is that the user must have access to a SmartCard and a speci- 
al card reader in order make a payment. 

The present invention solves this problem. 

The present invention thus relates to a method for checking 
authorization that incorporates a way to impart to a so- 
called smart card (SmartCard) an encryption key or equivalent 
key, and incorporates a way to have a microprocessor, using 
the encryption key and at least one number, perform a calcu- 
lation whose result comprises a signature, and incorporates a 
way to have the said signature together with the said number 
transferred to a system for which authorization is to be 
shown, wherewith such system includes a computer in which the 
said encryption key is stored, said computer being induced to 
perform the said calculation in order obtain the said signa- 
ture, and incorporates a way for this latter signature to be 
compared by the computer with the previously mentioned signa- 
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ture, characterized in that the said smart card is a so- 
called SIM-card intended for mobile telephony and a memory in 
said SIM-card is, in a first step, provided with unique in- 
formation containing a unique identity in order to communica- 
te telephonically using a mobile telephone and in that, in a 
second step, the SIM-card memory is provided with said en- 
cryption key, and in that a system for which authorization is 
to be shown is provided with the same encryption key linked 
to an identity of the SIM-card, and in that in response to 
the entry of an appropriate code and at least the said number 
via the keyboard on the mobile telephone, a microprocessor on 
the said SIM-card is induced to perform the said calculation 
resulting in the said signature. 

The present invention is not limited to any special field 
with regard to showing authorization. Instead, it is appli- 
cable for all kinds of systems such as payment systems, data 
systems, systems that check authorization before allowing 
entrance etc. 

The description of the present invention that follows, howe- 
ver, is for a system that provides payment via postgiro. 

The system is described in greater detail below, partially in 
connection with an example of an embodiment shown on the 
attached drawing, where: 

- Fig. 1 shows the included hardware schematically. 
Fig. 2 shows a SIM-card. 

- Fig. 3 shows a schematic view of a block diagram for which 
a function is described. 

Fig. 4 shows a schematic view of a block diagram for which 
another function is described. 

Fig. 1 shows mobile telephone 1 of an appropriately known 
type which is intended for use in a GSM system or an equiva- 
lent telephone system where a so-called smart card 
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(SmartCard) is used together with the mobile telephone to 
form a usable communication unit. In the GSM system, the 
smart card is a SIM-card. The mobile telephone includes a 
keyboard 2 and "a display 3. 

5 

Fig. 1 also shows a base station 4 for wireless communication 
with mobile telephone 1. In addition, a computer 5 is shown 
which belongs to the system with which the mobile telephone 
is to communicate. , 

10 - 

Fig. 2 also shows a SIM-card 6 that incorporates a micropro- 
cessor 7 together with its memory. 

The present invention relates to a method for checking autho- 
rs . rization, wherewith a so-called smart card (SmartCard) is 

provided with an encryption key KEY or an equivalent key, and 
wherewith a microprocessor 7 is induced to perform, based on 
the encryption key and at least one number, a calculation 
whose result comprises a signature. The said number is ente- 
20 red into the microprocessor from a keyboard. The signature, 
together with the said number, is then transferred to a sys- 
tem for which authorization is to be shown which includes a 
computer 5 in which said encryption key has been stored. 
Computer 5 is induced to perform the said calculation to 
25 obtain "the said signature. Computer 5 then compares this 

latter signature with the first-mentioned signature. If the 
two signatures match, authorization of the user is verified. 

The method is thus based on the user having a SmartCard that 
30 incorporates an identity unique to the user and an encryption 
key. It is presupposed that only the user him/herself will 
use the SmartCard. 

In accordance with the invention, the said smart card is a 
35 so-called SIM-card 6 intended for mobile telephony. In a 

^ first step, unique information that includes a unique identi- 
ty (IMSI as set forth in the GSM standard) is entered into 
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memory 7 in said SIM-card 6 in such a way as to support te- 
lephonic communication using a mobile telephone. This appro- 
priately takes place in the same as way as presently being 
used in the GSM system. 

5 

In a second step, the memory in SIM-card 6 is provided with 
the said encryption key. This memory can be the existing 
memory 7 or an extra memory. This is accomplished in a way 
that corresponds with the way the previously mentioned iden- 
w tity was entered, but it should preferably be carried out by 
the person who controls the system for which authorization is 
to be shown. 

In accordance with the invention, the system for which autho- 
rs rization is to be shown is provided with the same encryption 
key linked to an identity for the SIM-card. Here, for examp- 
le, the IMSI used for the SIM-card can serve as its identity 
ID. Alternatively, the encryption key in the said system can 
be linked to some other identity such as the user's telephone 
20 number, a customer number or a name. What is essential is 
that the system must later be able to retrieve the correct 
encryption key for a specified user. 

The invention is further characterized in that when a suitab- 
25 le code is entered along with at least the said number via 
keyboard 2 on mobile telephone 1, a microprocessor on the 
said SIM-card is induced to perform the said calculation 
resulting in the said signature. The microprocessor can be 
the regular microprocessor that is normally incorporated into 
30 the SIM-card, but it can also be a separate microprocessor on 
the SIM-card. In the latter case, however, the separate mic- 
roprocessor is linked to regular microprocessor . 7 on the SIM- 
card. 

35 The term "suitable code" means, for example, a code that is 
entered in order to put the mobile telephone in a mode in 
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which the microprocessor is induced to proceed with calcula- 
tion of the signature. 

Obviously, then, it suffices to have a mobile telephone and 
be able induce a microprocessor in a SIM-card to perform a 
calculation using an encryption key to obtain an electronic 
signature that can be transferred to a system for which aut- 
horization is sought, wherewith said system conducts an equi- 
valent calculation, thereby determining whether or not autho- 
rization can be verified. As a result, no other equipment is 
needed to show authorization, as mentioned in the introduc- 
tion. 

After authorization has been verified in the aforesaid man- 
ner, the mobile telephone can be used to have the system 
perform services such as making payments in situations where, 
the system is, for example, part of a postgiro system. 

In accordance with a preferred, embodiment, the said numbers 
comprise at least two numbers. This improves security signi- ^ 
ficantly. When the invention is applied to perform payments 
made via postgiro for example one of the numbers can comprise, 
the number of the account that is to receive a payment while 
the other can comprise the amount to be paid. 

This is illustrated in Fig, 3 by numbers Dl and D2 which are 
sent to the microprocessor in the mobile telephone via the 
keyboard on the mobile telephone. When the numbers are ente- 
red, the microprocessor retrieves the encryption key KEY from 
memory MEM and conducts the aforesaid calculation which re- 
sults in said signature SIG. 

In accordance with a preferred embodiment, the signature 
calculated by the mobile telephone together with at least the 
said numbers is caused to be transferred via mobile telephone 
network 4 to said system. 
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In accordance with an alternative embodiment, the signature 
calculated by the mobile telephone together with at least the 
said numbers is caused to be transferred directly from the 
mobile telephone to said system via an interface between the 
5 mobile telephone and the system such as a computer 5 be- 
longing to the system. The interface can comprise a cable 8 
or an infrared link or some other suitable link. 

In accordance with a preferred embodiment, the mobile telep- 
w hone is caused to present the said signature on the mobile 
telephone display. In such case, the user can, lor example, 
enter the said numbers and signature on a keyboard belonging 
to a computer that belongs to the system. 

is In accordance with a highly preferred embodiment, a special 
PIN code is assigned to the SIM-card in such a way that it 
can be. used to enable the card for said calculation of the 
signature. This further enhances security since the user must 
a) know his/her PIN code to start the mobile telephone and 

20 b) know his/her PIN code to access and start the calculation 
process used to obtain the electronic signature. 

To facilitate the making of correct payments for example and 
in accordance with a preferred embodiment, the mobile telep- 
25 hone is caused to present the said numbers on its display. An 
account number and an amount, for example, can be displayed 
before the signature is calculated. 

When the signature has been calculated, data is thus trans- 
30 f erred to the system. Herewith, as illustrated in Fig. 4, a 
user identity ID such as a telephone number, an IMSI or some 
other identity . is always transferred. Signature SIG is also 
always transferred. Moreover, at least one number Dl or D2 is 
always transferred. If payments are involved, account number 
35 Dl and amount D2 are transferred. When this has happened, the 
system computer 5 retrieves the encryption key KEY that is 
linked to identity ID from a memory MEM and then calculates 
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the signature. When this, is done, the computer compares the 
calculated signature with the signature SIG that was trans- 
ferred from the mobile telephone. If the two signatures 
match, the user is deemed to have shown his/her author iza- 
5 tion, whereupon payment 9 is made. 

To further enhance security, a serial number can be included 
as one of the said numbers. If payments are involved, calcu- 
lation is then performed on the basis of an account number, 
to an amount and a serial number. The serial number can range 

from 00 to 99. When the first payment is made, serial number 
00 is used, when the second payment is made serial number 01 
is used and so forth. Correspondingly, the system increments 
the serial number by counting the number of payment transac- 
ts tions originating from the same user. 

This means that each payment transaction generates a unique 
signature even if the same amount is paid to the same account 
number more than once . 

20 

It is obvious that the present invention, by using a mobile 
telephone, permits authorization to be checked vis-a-vis an 
arbitrary system and permits payments via postgiro or a bank 
at any time of day or night with excellent security and wit- 
25 hout requiring any extra equipment beyond a mobile telephone. 

A number of different embodiments have been described above. 
However, it is obvious that the numbers on which calculation 
of the signature is based can be numbers other than those 
30 exemplified above. Moreover, information in addition to what 
is set forth above can be transferred from the mobile telep- 
hone to the system in order to verify authorization. 

The present invention shall thus not be considered limited to 
35 the embodiments set forth above. Instead it can be varied 
within the scope set forth in the attached claims. 
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Claims 

1. Method for checking authorization incorporating a way to 
impart to a so-called smart card (SmartCard) an encryption 
key or equivalent key and a way to induce a microprocessor, 
by means of the encryption key and at least one number, to 
carry out a calculation whose result comprises a signature, 
and a way to have said signature, together with said number, 
transferred to a system for which authorization is to be 
shown, where said system includes a computer in which said 
encryption key has been stored and to have said system per- 
form said calculation whose result will comprise said signa- 
ture, and a way to have the computer compare the latter sig- 
nature with the first-mentioned signature characterized in 
that said smart card is a so-called SIM-card (6) intended for 
mobile telephony, and in that the memory (MEM) on said SIM- 
card is, in a first step, provided with unique information 
including a unique identity in order to communicate telepho- 
nically using a mobile telephone, and in that the memory on 
the SIM-card in a second step is provided with said encryp- 
tion key (KEY) , and in that a system for which authorization 
is to be shown is provided with the same encryption key (KEY) 
linked to an identity of SIM-card (6) , and in that when a 
suitable code (PIN) is entered along with at least said num- 
ber via the keyboard (2) on the mobile telephone (1), a mic- 
roprocessor (7) on the said SIM-card is induced to perform 
the said calculation resulting in the said signature (SIG) . 

2. A method in accordance with claim 1, characterized in 
that the said number contains at least two numbers. 

3. A method in accordance with claim 1 or 2 , characterized 
in that the signature (SIG) calculated by the mobile telepho- 
ne (l, 7) together with at least the said number is caused to 
be transferred to said system (5) via the mobile telephone 
network . 
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4. A method in accordance with claim 1 or 2, characterized 
in that the signature (SIG) calculated by the mobile telepho- 
ne (1, 7) together with at least the said number is caused to 
be transferred" directly from the mobile telephone (1) to said 
system (5) via an interface between the mobile telephone and 
the system, such as a computer belonging to the system. 

5. A method in accordance with claim 1, 2, 3 or 4 , characte- 
rized in that the mobile telephone (1) is caused to present 
said signature (SIG) on the display (3) on the mobile telep- 
hone, 

6. A method in accordance with claim 1, 2, 3, 4 or 5, cha- 
racterized in that a special PIN code is imparted to SIM-card 
(6) to enable it for the said calculation of signature. 

7. A method in accordance with claim 1, 2,-3, 4, 5 or 6, 
characterized in that the mobile telephone (1) is caused to 
present the said number on its display (3) . 
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